@intranefr/superbackend 1.5.3 → 1.6.3

package/src/services/waitingListJson.service.js

@@ -0,0 +1,401 @@
+const crypto = require('crypto');
+const { 
+  getJsonConfigValueBySlug, 
+  updateJsonConfigValueBySlug, 
+  clearJsonConfigCacheByPattern,
+  isJsonConfigCached,
+  getJsonConfigCacheInfo
+} = require('./jsonConfigs.service');
+
+const WAITING_LIST_ENTRIES_KEY = 'waiting-list-entries';
+const WAITING_LIST_STATS_KEY = 'waiting-list-stats';
+
+/**
+ * Waiting List JSON Service
+ * Manages waiting list data using JSON Configs system with enhanced caching
+ */
+
+function generateId() {
+  return crypto.randomBytes(16).toString('hex');
+}
+
+function normalizeEmail(email) {
+  return String(email || '').trim().toLowerCase();
+}
+
+function validateEntry(entry) {
+  if (!entry || typeof entry !== 'object') {
+    const err = new Error('Entry must be an object');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  if (!entry.email || typeof entry.email !== 'string') {
+    const err = new Error('Email is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  const normalizedEmail = normalizeEmail(entry.email);
+  if (!normalizedEmail.includes('@')) {
+    const err = new Error('Invalid email format');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  if (!entry.type || typeof entry.type !== 'string') {
+    const err = new Error('Type is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  return {
+    id: entry.id || generateId(),
+    email: normalizedEmail,
+    type: String(entry.type).trim(),
+    status: entry.status || 'active',
+    referralSource: entry.referralSource || 'website',
+    createdAt: entry.createdAt || new Date().toISOString(),
+    updatedAt: entry.updatedAt || new Date().toISOString()
+  };
+}
+
+/**
+ * Get waiting list entries with caching
+ */
+async function getWaitingListEntries(options = {}) {
+  try {
+    const data = await getJsonConfigValueBySlug(WAITING_LIST_ENTRIES_KEY, {
+      bypassCache: options.bypassCache
+    });
+    
+    return {
+      entries: Array.isArray(data.entries) ? data.entries : [],
+      lastUpdated: data.lastUpdated || null
+    };
+  } catch (error) {
+    if (error.code === 'NOT_FOUND') {
+      return { entries: [], lastUpdated: null };
+    }
+    throw error;
+  }
+}
+
+/**
+ * Add new waiting list entry with automatic cache invalidation
+ */
+async function addWaitingListEntry(entryData) {
+  const validatedEntry = validateEntry(entryData);
+
+  try {
+    const result = await updateJsonConfigValueBySlug(WAITING_LIST_ENTRIES_KEY, (currentData) => {
+      const data = currentData || { entries: [] };
+      const entries = Array.isArray(data.entries) ? data.entries : [];
+
+      // Check for duplicate email
+      const existingEntry = entries.find(e => 
+        normalizeEmail(e.email) === normalizeEmail(validatedEntry.email)
+      );
+
+      if (existingEntry) {
+        const err = new Error('This email is already on our waiting list');
+        err.code = 'DUPLICATE_EMAIL';
+        throw err;
+      }
+
+      // Add new entry
+      entries.push(validatedEntry);
+      
+      return {
+        ...data,
+        entries,
+        lastUpdated: new Date().toISOString()
+      };
+    }, { invalidateCache: true });
+
+    // Clear stats cache since data changed
+    clearWaitingListCache();
+
+    return validatedEntry;
+  } catch (error) {
+    // If the config doesn't exist, initialize it first
+    if (error.code === 'NOT_FOUND') {
+      await initializeWaitingListData();
+      
+      // Retry the operation after initialization (only once)
+      try {
+        return await addWaitingListEntry(entryData);
+      } catch (retryError) {
+        // If we still get NOT_FOUND, something went wrong with initialization
+        if (retryError.code === 'NOT_FOUND') {
+          const err = new Error('Failed to initialize waiting list data structure');
+          err.code = 'INITIALIZATION_FAILED';
+          throw err;
+        }
+        throw retryError;
+      }
+    }
+    throw error;
+  }
+}
+
+/**
+ * Update waiting list entry
+ */
+async function updateWaitingListEntry(entryId, updates) {
+  if (!entryId) {
+    const err = new Error('Entry ID is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  const result = await updateJsonConfigValueBySlug(WAITING_LIST_ENTRIES_KEY, (currentData) => {
+    const data = currentData || { entries: [] };
+    const entries = Array.isArray(data.entries) ? data.entries : [];
+
+    const entryIndex = entries.findIndex(e => e.id === entryId);
+    if (entryIndex === -1) {
+      const err = new Error('Waiting list entry not found');
+      err.code = 'NOT_FOUND';
+      throw err;
+    }
+
+    // Update entry with validation
+    const updatedEntry = validateEntry({
+      ...entries[entryIndex],
+      ...updates,
+      id: entryId, // Preserve original ID
+      updatedAt: new Date().toISOString()
+    });
+
+    entries[entryIndex] = updatedEntry;
+
+    return {
+      ...data,
+      entries,
+      lastUpdated: new Date().toISOString()
+    };
+  }, { invalidateCache: true });
+
+  // Clear stats cache since data changed
+  clearWaitingListCache();
+
+  return result;
+}
+
+/**
+ * Remove waiting list entry
+ */
+async function removeWaitingListEntry(entryId) {
+  if (!entryId) {
+    const err = new Error('Entry ID is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  const result = await updateJsonConfigValueBySlug(WAITING_LIST_ENTRIES_KEY, (currentData) => {
+    const data = currentData || { entries: [] };
+    const entries = Array.isArray(data.entries) ? data.entries : [];
+
+    const entryIndex = entries.findIndex(e => e.id === entryId);
+    if (entryIndex === -1) {
+      const err = new Error('Waiting list entry not found');
+      err.code = 'NOT_FOUND';
+      throw err;
+    }
+
+    // Remove entry
+    entries.splice(entryIndex, 1);
+
+    return {
+      ...data,
+      entries,
+      lastUpdated: new Date().toISOString()
+    };
+  }, { invalidateCache: true });
+
+  // Clear stats cache since data changed
+  clearWaitingListCache();
+
+  return result;
+}
+
+/**
+ * Get waiting list statistics with 5-minute TTL
+ */
+async function getWaitingListStats(options = {}) {
+  const ttlSeconds = options.ttlSeconds || 300; // 5 minutes default
+
+  try {
+    // Try to get cached stats first
+    if (!options.bypassCache && isJsonConfigCached(WAITING_LIST_STATS_KEY)) {
+      const cacheInfo = getJsonConfigCacheInfo(WAITING_LIST_STATS_KEY);
+      if (cacheInfo.exists && cacheInfo.ttlRemaining > 0) {
+        return await getJsonConfigValueBySlug(WAITING_LIST_STATS_KEY);
+      }
+    }
+
+    // Generate fresh stats
+    const { entries } = await getWaitingListEntries();
+    
+    const activeEntries = entries.filter(e => e.status === 'active');
+    const totalSubscribers = activeEntries.length;
+
+    // Type aggregation
+    const typeAgg = activeEntries.reduce((acc, entry) => {
+      const type = String(entry.type || 'unknown').trim();
+      acc[type] = (acc[type] || 0) + 1;
+      return acc;
+    }, {});
+
+    // Backward compatibility fields
+    const buyerCount = (typeAgg.buyer || 0) + (typeAgg.both || 0);
+    const sellerCount = (typeAgg.seller || 0) + (typeAgg.both || 0);
+
+    // Mock growth data (same as original)
+    const growthThisWeek = Math.floor(totalSubscribers * 0.05);
+
+    const stats = {
+      totalSubscribers,
+      buyerCount,
+      sellerCount,
+      typeCounts: typeAgg,
+      growthThisWeek,
+      lastUpdated: new Date().toISOString()
+    };
+
+    // Cache the stats
+    await updateJsonConfigValueBySlug(WAITING_LIST_STATS_KEY, () => stats, { 
+      invalidateCache: false 
+    });
+
+    return stats;
+  } catch (error) {
+    if (error.code === 'NOT_FOUND') {
+      // Return default stats if no data exists
+      return {
+        totalSubscribers: 0,
+        buyerCount: 0,
+        sellerCount: 0,
+        typeCounts: {},
+        growthThisWeek: 0,
+        lastUpdated: new Date().toISOString()
+      };
+    }
+    throw error;
+  }
+}
+
+/**
+ * Get paginated waiting list entries for admin
+ */
+async function getWaitingListEntriesAdmin(filters = {}) {
+  const { status, type, email, limit = 50, offset = 0 } = filters;
+  
+  const { entries } = await getWaitingListEntries();
+  
+  // Apply filters
+  let filteredEntries = entries;
+  
+  if (status) {
+    filteredEntries = filteredEntries.filter(e => e.status === status);
+  }
+  
+  if (type) {
+    filteredEntries = filteredEntries.filter(e => e.type === type);
+  }
+  
+  if (email) {
+    const searchEmail = normalizeEmail(email);
+    filteredEntries = filteredEntries.filter(e => 
+      normalizeEmail(e.email) === searchEmail
+    );
+  }
+  
+  // Sort by creation date (newest first)
+  filteredEntries.sort((a, b) => 
+    new Date(b.createdAt || 0).getTime() - new Date(a.createdAt || 0).getTime()
+  );
+  
+  // Apply pagination
+  const parsedLimit = Math.min(500, Math.max(1, parseInt(limit, 10) || 50));
+  const parsedOffset = Math.max(0, parseInt(offset, 10) || 0);
+  
+  const paginatedEntries = filteredEntries.slice(parsedOffset, parsedOffset + parsedLimit);
+  
+  return {
+    entries: paginatedEntries,
+    pagination: {
+      total: filteredEntries.length,
+      limit: parsedLimit,
+      offset: parsedOffset
+    }
+  };
+}
+
+/**
+ * Clear all waiting list related caches
+ */
+function clearWaitingListCache() {
+  return clearJsonConfigCacheByPattern('waiting-list-*');
+}
+
+/**
+ * Get waiting list cache information
+ */
+function getWaitingListCacheInfo() {
+  return {
+    entries: getJsonConfigCacheInfo(WAITING_LIST_ENTRIES_KEY),
+    stats: getJsonConfigCacheInfo(WAITING_LIST_STATS_KEY)
+  };
+}
+
+/**
+ * Initialize waiting list data structure if it doesn't exist
+ */
+async function initializeWaitingListData() {
+  try {
+    await getJsonConfigValueBySlug(WAITING_LIST_ENTRIES_KEY, { bypassCache: true });
+  } catch (error) {
+    if (error.code === 'NOT_FOUND') {
+      // Create initial data structure
+      const { createJsonConfig } = require('./jsonConfigs.service');
+      await createJsonConfig({
+        title: 'Waiting List Entries',
+        alias: WAITING_LIST_ENTRIES_KEY,
+        jsonRaw: JSON.stringify({
+          entries: [],
+          lastUpdated: new Date().toISOString()
+        }),
+        publicEnabled: false,
+        cacheTtlSeconds: 300
+      });
+    } else {
+      throw error;
+    }
+  }
+}
+
+module.exports = {
+  // Core operations
+  getWaitingListEntries,
+  addWaitingListEntry,
+  updateWaitingListEntry,
+  removeWaitingListEntry,
+  getWaitingListStats,
+  getWaitingListEntriesAdmin,
+  
+  // Cache management
+  clearWaitingListCache,
+  getWaitingListCacheInfo,
+  
+  // Utilities
+  initializeWaitingListData,
+  validateEntry,
+  normalizeEmail,
+  generateId,
+  
+  // Constants
+  WAITING_LIST_ENTRIES_KEY,
+  WAITING_LIST_STATS_KEY
+};

package/src/utils/rbac/rightsRegistry.js

@@ -1,4 +1,5 @@
 const DEFAULT_RIGHTS = [
+  // Existing RBAC rights
   'rbac:roles:read',
   'rbac:roles:write',
   'rbac:groups:read',
@@ -6,6 +7,8 @@ const DEFAULT_RIGHTS = [
   'rbac:grants:read',
   'rbac:grants:write',
   'rbac:test',
+  
+  // Existing experiment and file manager rights
   'experiments:*',
   'experiments:read',
   'experiments:events:write',
@@ -21,6 +24,121 @@ const DEFAULT_RIGHTS = [
   'file_manager:files:share',
   'backoffice:*',
   'backoffice:dashboard:access',
+  
+  // Admin panel login rights
+  'admin_panel__login',
+  'admin_panel__dashboard',
+  
+  // Dashboard section
+  'admin_panel__overview:read',
+  
+  // User Management section
+  'admin_panel__users:read',
+  'admin_panel__users:write',
+  'admin_panel__organizations:read',
+  'admin_panel__organizations:write',
+  'admin_panel__rbac:read',
+  'admin_panel__rbac:write',
+  'admin_panel__notifications:read',
+  'admin_panel__notifications:write',
+  'admin_panel__waiting-list:read',
+  'admin_panel__waiting-list:write',
+  
+  // Content & Config section
+  'admin_panel__i18n:read',
+  'admin_panel__i18n:write',
+  'admin_panel__i18n-locales:read',
+  'admin_panel__i18n-locales:write',
+  'admin_panel__json-configs:read',
+  'admin_panel__json-configs:write',
+  'admin_panel__markdowns:read',
+  'admin_panel__markdowns:write',
+  'admin_panel__seo-config:read',
+  'admin_panel__seo-config:write',
+  'admin_panel__assets:read',
+  'admin_panel__assets:write',
+  'admin_panel__file-manager:read',
+  'admin_panel__file-manager:write',
+  'admin_panel__ui-components:read',
+  'admin_panel__ui-components:write',
+  'admin_panel__headless:read',
+  'admin_panel__headless:write',
+  'admin_panel__pages:read',
+  'admin_panel__pages:write',
+  'admin_panel__blog:read',
+  'admin_panel__blog:write',
+  
+  // System & DevOps section
+  'admin_panel__global-settings:read',
+  'admin_panel__global-settings:write',
+  'admin_panel__plugins-system:read',
+  'admin_panel__plugins-system:write',
+  'admin_panel__feature-flags:read',
+  'admin_panel__feature-flags:write',
+  'admin_panel__ejs-virtual:read',
+  'admin_panel__ejs-virtual:write',
+  'admin_panel__rate-limiter:read',
+  'admin_panel__rate-limiter:write',
+  'admin_panel__proxy:read',
+  'admin_panel__proxy:write',
+  'admin_panel__cache:read',
+  'admin_panel__cache:write',
+  'admin_panel__db-browser:read',
+  'admin_panel__db-browser:write',
+  'admin_panel__data-cleanup:read',
+  'admin_panel__data-cleanup:write',
+  'admin_panel__migration:read',
+  'admin_panel__migration:write',
+  'admin_panel__webhooks:read',
+  'admin_panel__webhooks:write',
+  'admin_panel__coolify-deploy:read',
+  'admin_panel__coolify-deploy:write',
+  
+  // Monitoring & AI section
+  'admin_panel__audit:read',
+  'admin_panel__audit:write',
+  'admin_panel__errors:read',
+  'admin_panel__errors:write',
+  'admin_panel__experiments:read',
+  'admin_panel__experiments:write',
+  'admin_panel__console-manager:read',
+  'admin_panel__console-manager:write',
+  'admin_panel__health-checks:read',
+  'admin_panel__health-checks:write',
+  'admin_panel__metrics:read',
+  'admin_panel__metrics:write',
+  'admin_panel__llm:read',
+  'admin_panel__llm:write',
+  
+  // Billing & Forms section
+  'admin_panel__stripe-pricing:read',
+  'admin_panel__stripe-pricing:write',
+  'admin_panel__forms:read',
+  'admin_panel__forms:write',
+  
+  // Automation section
+  'admin_panel__agents:read',
+  'admin_panel__agents:write',
+  'admin_panel__telegram:read',
+  'admin_panel__telegram:write',
+  'admin_panel__workflows:read',
+  'admin_panel__workflows:write',
+  'admin_panel__scripts:read',
+  'admin_panel__scripts:write',
+  'admin_panel__crons:read',
+  'admin_panel__crons:write',
+  'admin_panel__terminals:read',
+  'admin_panel__terminals:write',
+  
+  // Section wildcards for easier role management
+  'admin_panel__user-management:*',
+  'admin_panel__content-config:*',
+  'admin_panel__system-devops:*',
+  'admin_panel__monitoring-ai:*',
+  'admin_panel__billing-forms:*',
+  'admin_panel__automation:*',
+  
+  // Superuser wildcard
   '*',
 ];
 

package/test-access.js

@@ -0,0 +1,63 @@
+require('dotenv').config();
+const mongoose = require('mongoose');
+
+async function testAccessControl() {
+  try {
+    await mongoose.connect(process.env.MONGODB_URI, { authSource: 'admin' });
+    console.log('✅ Connected to MongoDB');
+
+    // Check if roles and grants exist
+    const RbacRole = require('./src/models/RbacRole');
+    const RbacGrant = require('./src/models/RbacGrant');
+    const User = require('./src/models/User');
+
+    // Find the limited-admin user
+    const user = await User.findOne({ email: 'limitedadmin@example.com' });
+    
+    if (!user) {
+      console.log('❌ User not found');
+      return;
+    }
+    
+    console.log(`✅ Found user: ${user.email} (${user.role})`);
+
+    // Find the limited-admin role
+    const limitedAdminRole = await RbacRole.findOne({ key: 'limited-admin' });
+    if (!limitedAdminRole) {
+      console.log('❌ limited-admin role not found');
+      return;
+    }
+    
+    console.log(`✅ Found role: ${limitedAdminRole.name}`);
+
+    // Check grants for the role
+    const grants = await RbacGrant.find({ 
+      subjectType: 'role',
+      subjectId: limitedAdminRole._id 
+    });
+    
+    console.log(`\n📋 Role grants (${grants.length}):`);
+    grants.forEach(grant => {
+      console.log(`  - ${grant.right}`);
+    });
+
+    // Check specific permissions
+    const auditGrant = grants.find(g => g.right === 'admin_panel__audit:read');
+    const usersGrant = grants.find(g => g.right === 'admin_panel__users:read');
+    const errorsGrant = grants.find(g => g.right === 'admin_panel__errors:read');
+
+    console.log('\n🔍 Permission Summary:');
+    console.log(`Audit access: ${auditGrant ? '✅ ALLOWED' : '❌ DENIED'}`);
+    console.log(`Users access: ${usersGrant ? '✅ ALLOWED' : '❌ DENIED'}`);
+    console.log(`Errors access: ${errorsGrant ? '✅ ALLOWED' : '❌ DENIED'}`);
+
+    console.log('\n🎉 Access control test completed!');
+
+  } catch (error) {
+    console.error('❌ Test failed:', error);
+  } finally {
+    await mongoose.disconnect();
+  }
+}
+
+testAccessControl();

package/test-iframe-fix.html

@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Iframe Fix Test</title>
+    <style>
+        body { font-family: Arial, sans-serif; padding: 20px; }
+        .test-container { margin: 20px 0; }
+        iframe { width: 100%; height: 400px; border: 2px solid #ccc; }
+        .success { color: green; font-weight: bold; }
+        .error { color: red; font-weight: bold; }
+    </style>
+</head>
+<body>
+    <h1>Iframe Authentication Fix Test</h1>
+    
+    <div class="test-container">
+        <h2>Test 1: Iframe with Token (Should Work)</h2>
+        <iframe src="/admin/stats/dashboard-home?iframe_token=authenticated"></iframe>
+        <p id="test1-result">Loading...</p>
+    </div>
+    
+    <div class="test-container">
+        <h2>Test 2: Iframe without Token (Should Redirect to Login)</h2>
+        <iframe src="/admin/stats/dashboard-home"></iframe>
+        <p id="test2-result">Loading...</p>
+    </div>
+
+    <script>
+        // Test if iframe loads correctly
+        setTimeout(() => {
+            const iframes = document.querySelectorAll('iframe');
+            
+            // Test 1 - should show Command Center
+            iframes[0].contentDocument && iframes[0].contentDocument.body) {
+                const content = iframes[0].contentDocument.body.innerText;
+                if (content.includes('Command Center')) {
+                    document.getElementById('test1-result').innerHTML = '<span class="success">✅ SUCCESS: Iframe with token loads correctly</span>';
+                } else if (content.includes('login') || content.includes('Login')) {
+                    document.getElementById('test1-result').innerHTML = '<span class="error">❌ FAILED: Iframe with token redirected to login</span>';
+                } else {
+                    document.getElementById('test1-result').innerHTML = '<span class="error">❌ UNKNOWN: Could not determine iframe content</span>';
+                }
+            } else {
+                document.getElementById('test1-result').innerHTML = '<span class="error">❌ FAILED: Could not access iframe content (cross-origin)</span>';
+            }
+            
+            // Test 2 - should redirect to login
+            if (iframes[1].contentDocument && iframes[1].contentDocument.body) {
+                const content = iframes[1].contentDocument.body.innerText;
+                if (content.includes('login') || content.includes('Login')) {
+                    document.getElementById('test2-result').innerHTML = '<span class="success">✅ SUCCESS: Iframe without token correctly redirects to login</span>';
+                } else if (content.includes('Command Center')) {
+                    document.getElementById('test2-result').innerHTML = '<span class="error">❌ FAILED: Iframe without token loaded content (security issue)</span>';
+                } else {
+                    document.getElementById('test2-result').innerHTML = '<span class="error">❌ UNKNOWN: Could not determine iframe content</span>';
+                }
+            } else {
+                document.getElementById('test2-result').innerHTML = '<span class="error">❌ FAILED: Could not access iframe content (cross-origin)</span>';
+            }
+        }, 3000);
+    </script>
+</body>
+</html>

package/test-iframe.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Iframe Test</title>
+</head>
+<body>
+    <h1>Iframe Test</h1>
+    <p>Testing iframe loading of admin dashboard content...</p>
+    
+    <iframe src="/admin/stats/dashboard-home" width="100%" height="500" style="border: 1px solid #ccc;"></iframe>
+    
+    <p>If you see the admin dashboard content above, iframes work. If you see a login page, there's a cookie/session issue.</p>
+</body>
+</html>